diff --git a/src/middlewares/CORS.ts b/src/middlewares/CORS.ts
index 88e90a4b..49470611 100644
--- a/src/middlewares/CORS.ts
+++ b/src/middlewares/CORS.ts
@@ -4,12 +4,13 @@ import { NextFunction, Request, Response } from "express";
 
 export function CORS(req: Request, res: Response, next: NextFunction) {
 	res.set("Access-Control-Allow-Origin", "*");
-	// TODO: use securer CSP policy
+	// TODO: use better CSP policy
 	res.set(
 		"Content-security-policy",
 		"default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
 	);
 	res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
+	res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*");
 
 	next();
 }
diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts
index 50bac43a..49a3bd6c 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
@@ -34,6 +34,7 @@ router.post(
 			gift_code_sku_id, // ? what is this
 			captcha_key
 		} = req.body;
+		console.log("register", req.body.email, req.body.username, req.headers["cf-connecting-ip"]);
 		// TODO: automatically join invite
 		// TODO: gift_code_sku_id?
 		// TODO: check password strength
diff --git a/src/routes/users/@me/index.ts b/src/routes/users/@me/index.ts
index df477ef1..68196afe 100644
--- a/src/routes/users/@me/index.ts
+++ b/src/routes/users/@me/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { UserModel, toObject } from "@fosscord/server-util";
+import { UserModel, toObject, PublicUserProjection } from "@fosscord/server-util";
 import { HTTPError } from "lambert-server";
 import { getPublicUser } from "../../../util/User";
 import { UserModifySchema } from "../../../schema/User";
@@ -28,7 +28,7 @@ router.patch("/", check(UserModifySchema), async (req: Request, res: Response) =
 		}
 	}
 
-	const user = await UserModel.findOneAndUpdate({ id: req.user_id }, body).exec();
+	const user = await UserModel.findOneAndUpdate({ id: req.user_id }, body, { projection: PublicUserProjection }).exec();
 	// TODO: dispatch user update event
 
 	res.json(toObject(user));